Fix API Key Authorization for Cron Jobs by adding [AllowAnonymous] attribute to scheduling endpoints

2025-12-06 00:50:20 +01:00
parent 08abd96751
commit d2fb9b8071
2 changed files with 15 additions and 0 deletions
--- a/.claude/project-context.md
+++ b/.claude/project-context.md
@@ -5,6 +5,18 @@

 ## RECENT CHANGES (This Session)

+**API Key Authorization Fix for Cron Jobs (Dec 6, 2025):**
+- ✅ **Fixed 401 Unauthorized on API Key Endpoints** - Cron jobs calling `/jobs/schedule` endpoints were getting rejected despite valid API keys
+- ✅ **Added [AllowAnonymous] Attribute** - Bypasses controller-level `[Authorize]` to allow `[ApiKeyAuth]` filter to handle authorization
+- ✅ **Three Endpoints Fixed** - Applied fix to all job scheduling endpoints:
+  - `POST /jobs/schedule` - Schedule all jobs (imports + processes)
+  - `POST /jobs/schedule/imports` - Schedule import jobs only
+  - `POST /jobs/schedule/processes` - Schedule process jobs only
+- Root cause: Controller-level `[Authorize]` attribute required JWT Bearer auth for all endpoints, blocking API key authentication
+- Solution: Add `[AllowAnonymous]` to allow `[ApiKeyAuth]` filter to validate X-API-Key header
+- Files modified: [JobsController.cs](DiunaBI.API/Controllers/JobsController.cs)
+- Status: Cron jobs can now authenticate with API key via X-API-Key header
+
 **SignalR Authentication Token Flow Fix (Dec 6, 2025):**
 - ✅ **TokenProvider Population** - Fixed `TokenProvider.Token` never being set with JWT, causing 401 Unauthorized on SignalR connections
 - ✅ **AuthService Token Management** - Injected `TokenProvider` into `AuthService` and set token in 3 key places: